Faster Whisper Gpu

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local transcription skill with normal dependency/model downloads and user-chosen transcript output files.

Install in a Python environment where you are comfortable downloading Faster Whisper, PyTorch, and Whisper model files. Prefetch models if you need offline use, and choose output filenames in safe directories to avoid overwriting important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill advertises transcription as '100% local' and says no data leaves the machine, but it also states that models are automatically downloaded from Hugging Face on first use. Even if audio content is not uploaded, this still creates external network activity and can violate user expectations, offline-use assumptions, or restricted-environment policies.

VirusTotal

64/64 vendors flagged this skill as clean.
